models

package

v0.0.0-...-42a42c3 Latest Latest Go to latest Published: Jun 27, 2018 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dustin-decker/threatseer

Links

Open Source Insights

Documentation ¶

Index ¶

type Event
type Indicator
type KernelEvent
- func GetKernelEventContext(e Event) *KernelEvent
type ProcessEvent
- func GetProcessEventContext(e Event) *ProcessEvent

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Event ¶

type Event struct {
	Event      *api.TelemetryEvent
	Indicators []Indicator
	ClientAddr string
}

Event contains information about the source, the original event, and any indicators gathered up to the point in time

type Indicator ¶

type Indicator struct {
	ID             string `orm:"column(id);index;pk"`
	ProcessID      string `orm:"column(process_id);index"`
	ProcessEventID string `orm:"column(process_event_id);index"`
	Engine         string
	RuleName       string `orm:"column(rule_name)"`
	IndicatorType  string `orm:"column(indicator_type)"`
	Description    string
	ExtraInfo      string `orm:"column(extra_info)"`
	Score          int
}

Indicator is an individual result from an engine

type KernelEvent ¶

type KernelEvent struct {
	ID            string    `orm:"column(id);index;pk"`
	CreatedAt     time.Time `orm:"column(created_at);auto_now_add;type(datetime)"`
	SensorID      string    `orm:"column(sensor_id);index"`
	ProcessID     string    `orm:"column(process_id);index"`
	ContainerID   string    `orm:"column(container_id)"`
	ContainerName string    `orm:"column(container_name)"`
	ProcessPID    int32     `orm:"column(process_pid);index"`
	Credentials   string    `orm:"column(credentials)"`

	Dest string `orm:"column(dest);index"`
}

KernelEvent is that

func GetKernelEventContext ¶

func GetKernelEventContext(e Event) *KernelEvent

GetKernelEventContext returns a KernelEvent from an Event returns nil if it is not a KernelEvent

type ProcessEvent ¶

type ProcessEvent struct {
	ID            string    `orm:"column(id);index;pk" json:"id"`
	CreatedAt     time.Time `orm:"column(created_at);auto_now_add;type(datetime)"`
	SensorID      string    `orm:"column(sensor_id);index"`
	ProcessID     string    `orm:"column(process_id);index"`
	ContainerID   string    `orm:"column(container_id)"`
	ContainerName string    `orm:"column(container_name)"`
	ProcessPID    int32     `orm:"column(process_pid);index"`
	Credentials   string    `orm:"column(credentials)"`

	ProcessEventType string `orm:"column(process_event_type)"`
	ExecFilename     string `orm:"column(exec_filename)"`
	ExecCmdLine      string `orm:"column(exec_cmd_line)"`
	ForkChildPID     int32  `orm:"column(fork_child_pid);index"`
	ForkChildID      string `orm:"column(fork_child_id)"`
}

ProcessEvent is that

func GetProcessEventContext ¶

func GetProcessEventContext(e Event) *ProcessEvent

GetProcessEventContext returns a ProcessEvent from an Event returns nil if it is not a ProcessEvent

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL